flash - Login sometimes does not work across tabs/windows in django -

I want to log in from a secondary window to a Django website. That is, I have a flash file connecting to a DNS server. On choosing a login in the Flash file, the second window opens (i.e. Facebook Login Popup). The Facebook client-based login flow is used to log in to the user and the user_id received by it is sent to the DNS server to identify and log in. At this level I have verified that at this level, certify and the login function of diego.content.ath is called and user.is_authenticated () gives correct returns.

But on the client side in the original window containing the Flash file, the user sometimes remains AnonymouseUser or not, at other times, the user is identified correctly.

On checking the database entries for the current sessions, I see that when the user is not logged in, two sessions are present, whereas when a user is logged in, then there is only one session .

I am not sure why an extra session is created and how it is addressed.

Note - I am using a custom authentication backend.

UPDATE I dug into the system system to see what had happened. Django has a mechanism to change the key for a session while retaining the data. What happens in my case is that the session key changes twice, this happens after it is expected during the entry. But soon after, another request changes the session key. This request has not been made by me in my client code. It appears that for /favicon.ico this is where it is generated

Update 2 It definitely seems related to favicon.ico now when I am serving it in the root, then work properly after some refreshes. I think the problem was already because the browser request for the favicon was messing the session, when it was unsuccessful.

Update 3 has not been resolved. I really appreciate it if someone can tell me in the right direction, I will see if I can change the login flow to bypass this mechanism.

UPDATE 4 So after going through some stack traces (which I can share if I need it), I realized the following as the user was trying to log in A session ID changes, it creates a situation where a session ID gives birth to two session ID Request 1 - An AJAX request due to login is a session key provided by the Django in this request, say key 1 . In response, the server sends a new session key, key 2 says, when Key 1 is removed from its memory (in my case database) Request 2 - This request made by the browser after request 1 for Flickr. is. (As you may know that this request has been made by the browser and I can not control it) this request also comes with key key, key 1. Since this key is not available in memory for Django, it creates a new key, Key 3 and sends back the response.

As a result, all further requests are made with key3, which Django is stored in a new session and locked state with key 2.

I'm not sure whether this is a bug in Django or if it is a desired behavior but if it is a intended behavior, then the problem will arise, when any customer is waiting for the previous reaction AJAX requests and key-change begins.

After saying this, my basic problem remains and I will post a solution if and when I find someone.

Many of the solutions I have applied now, now as 2, call the login url This means that if working as per the above mentioned in Update 4, the second login will go with the request key 3 and the key 4 will be received. But since there is no other concurrent request from my code or browser, this will be key and the user will always be logged in. So far, after 2 days of testing, it seems to work.

But my solution is an alternative solution, I would still like to know that this is a bug in the DNS or there is something wrong with my code logic.